Access permissions FreeRadius-Google LDAP failed
Jonathan Davis
jonathan at prioritycolo.com
Tue Oct 5 14:30:28 CEST 2021
The last error might be the clue "Insufficient access. Check the identity and password configuration directives"
> On Oct 5, 2021, at 8:18 AM, Benjamin Diehl <benjamin.diehl at foundationacademy.net> wrote:
>
> I am trying to figure out what could be causing this issue with FreeRadius and Google LDAP. I am getting a few errors when FreeRadius is trying to search for the user. I bolded the Error spots. I have tried multiple different username and password combos in the LDAP section, even tried it without. The accounts I have tested with have Super admin access and then I have triple checked the info when it's the Google LDAP credentials.
>
> (2) suffix: Checking for suffix after "@"
> (2) suffix: Looking up realm "foundationacademy.net" for User-Name = "benjamin.diehl at foundationacademy.net"
> (2) suffix: Found realm "foundationacademy.net"
> (2) suffix: Adding Stripped-User-Name = "benjamin.diehl"
> (2) suffix: Adding Realm = "foundationacademy.net"
> (2) suffix: Proxying request from user benjamin.diehl to realm foundationacademy.net
> (2) suffix: Preparing to proxy authentication request to realm "foundationacademy.net"
> (2) [suffix] = updated
> (2) eap: Request is supposed to be proxied to Realm foundationacademy.net. Not doing EAP.
> (2) [eap] = noop
> (2) [files] = noop
> rlm_ldap (ldap): Closing connection (6): Hit idle_timeout, was idle for 60839 seconds
> rlm_ldap (ldap): You probably need to lower "min"
> rlm_ldap (ldap): Closing connection (7): Hit idle_timeout, was idle for 60839 seconds
> rlm_ldap (ldap): You probably need to lower "min"
> rlm_ldap (ldap): 0 of 0 connections in use. You may need to increase "spare"
> rlm_ldap (ldap): Opening additional connection (8), 1 of 32 pending slots used
> rlm_ldap (ldap): Connecting to ldaps://ldap.google.com:636
> rlm_ldap (ldap): Waiting for bind result...
> ber_get_next failed.
> rlm_ldap (ldap): Bind successful
> rlm_ldap (ldap): Reserved connection (8)
> (2) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
> (2) ldap: --> (uid=benjamin.diehl)
> (2) ldap: Performing search in "dn=foundationacademy,dc=net" with filter "(uid=benjamin.diehl)", scope "sub"
> (2) ldap: Waiting for search result...
> (2) ldap: ERROR: Failed performing search: Insufficient access. Check the identity and password configuration directives
> rlm_ldap (ldap): Released connection (8)
> Need 2 more connections to reach min connections (3)
> rlm_ldap (ldap): Opening additional connection (9), 1 of 31 pending slots used
> rlm_ldap (ldap): Connecting to ldaps://ldap.google.com:636
> rlm_ldap (ldap): Waiting for bind result...
> ber_get_next failed.
> rlm_ldap (ldap): Bind successful
> (2) [ldap] = fail
> (2) } # authorize = fail
> (2) Invalid user (ldap: Failed performing search: Insufficient access. Check the identity and password configuration directives): [benjamin.diehl at foundationacademy.net] (from client localhost port 0 cli 50-E0-85-F7-E2-0C)
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list